News

Wednesday, June 27, 2007

SecurityFocus Linux Newsletter #343


This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Be Evil
2. Persistence of data on storage media
II. LINUX VULNERABILITY SUMMARY
1. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
2. Gnome Evolution Data Server Array Index Memory Access Vulnerability
3. GNU Emacs Image Processing Remote Denial of Service Vulnerability
4. BitchX Hook.C Remote Buffer Overflow Vulnerability
5. Ingres Database Server Multiple Remote Vulnerabilities
6. Red Hat Cluster Suite CMan Local Buffer Overflow Vulnerability
7. EKG Multiple Remote Denial of Service Vulnerabilities
8. Red Hat Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
9. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10. SlackRoll GnuPG And HTTP Codes Signature Validation Bypass Vulnerability And Weakness
11. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
12. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
13. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
14. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
15. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
16. Wireshark Multiple Protocol Denial of Service Vulnerabilities
17. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Be Evil
By Mark Rasch
A series of developments raises the specter that remotely stored or created documents may be subject to subpoena or discovery, all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

2. Persistence of data on storage media
By Jamie Ridden
Jamie Ridden discusses the re-use of storage media and how slack space can prevent sensitive data from being completely removed.
http://www.securityfocus.com/infocus/1891


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
BugTraq ID: 24525
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24525
Summary:
Multiple F-Secure Anti-Virus products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

An attacker may exploit this issue by sending maliciously crafted RAR or LHA archives to victims.

Successful exploits will allow attackers to distribute compressed archives containing malicious code that will not be detected by the antivirus application.

2. Gnome Evolution Data Server Array Index Memory Access Vulnerability
BugTraq ID: 24567
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24567
Summary:
Evolution is prone to an input-validation error that attackers may exploit to execute arbitrary code. The vulnerability stems from an input-validation error for a critical array index value.

Versions prior to Evolution Data Server 1.11.4 are vulnerable.

3. GNU Emacs Image Processing Remote Denial of Service Vulnerability
BugTraq ID: 24570
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24570
Summary:
The 'emacs' program is prone to a remote denial-of-service vulnerability because it fails to handle malicious image files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected application.

4. BitchX Hook.C Remote Buffer Overflow Vulnerability
BugTraq ID: 24579
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24579
Summary:
BitchX is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects BitchX 1.1-final; other versions may also be affected.

5. Ingres Database Server Multiple Remote Vulnerabilities
BugTraq ID: 24585
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24585
Summary:
Ingres Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.

Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

6. Red Hat Cluster Suite CMan Local Buffer Overflow Vulnerability
BugTraq ID: 24595
Remote: No
Date Published: 2007-06-22
Relevant URL: http://www.securityfocus.com/bid/24595
Summary:
Red Hat Cluster Suite is prone to an unspecified remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with 'cluster manager' privileges. Failed exploit attempts will result in a denial of service.

NOTE: This issue was originally reported in the Ubuntu distribution of the software, but other distributions may also be affected.

7. EKG Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24600
Remote: Yes
Date Published: 2007-06-23
Relevant URL: http://www.securityfocus.com/bid/24600
Summary:
EKG is prone to multiple remote denial-of-service vulnerabilities because of design errors.

An attacker can trigger these issues to cause denial-of-service conditions to legitimate users of the application.

8. Red Hat Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
BugTraq ID: 24631
Remote: No
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24631
Summary:
The Red Hat kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

UPDATE (June 26, 2007): Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

9. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

10. SlackRoll GnuPG And HTTP Codes Signature Validation Bypass Vulnerability And Weakness
BugTraq ID: 24648
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24648
Summary:
SlackRoll is prone to a signature-validation bypass vulnerability and an HTTP-error detection weakness.

These issues occur because the application fails to adequately interpret certain GnuPG exit codes and HTTP error codes.

An attacker can exploit these issues to bypass GnuPG signature detection. Successful attacks could result in the execution of arbitrary code; other attacks are possible.

Versions prior to SlackRoll 8 are vulnerable.

11. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

12. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
BugTraq ID: 24653
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24653
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1, kadmind 1.5.3 and prior versions are vulnerable.

13. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
BugTraq ID: 24655
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24655
Summary:
MIT Kerberos 5 Administration Daemon (kadmind) is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

This issue also affects third-party applications using the affected RPC library.

kadmind versions prior to krb5-1.6.1 are vulnerable.

14. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
BugTraq ID: 24657
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24657
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected RPC library.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1 and prior versions are vulnerable.

15. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
BugTraq ID: 24658
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects version 10.5-GOLD for both RealPlayer and HelixPlayer; other versions may also be affected.

16. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Wireshark versions prior to 0.99.6 are affected.

17. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
BugTraq ID: 24680
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24680
Summary:
Computer Associates BrightStor ARCserve Backup is prone to a remote code-execution vulnerability.

Currently, very few details are available regarding this issue.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

Version 11.5 SP3 for Microsoft Windows is reported vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
